Perform operations on G Suite users, groups and roles via Workflow Automator


Orchestration apps let you automate repeatable tasks and actions that span across a diverse set of systems and applications using workflows. The list of actions supported for this app include:

User Management

  1. Get User

  2. Create User

  3. Update User

  4. Delete User

  5. Undelete User

  6. Make User Super Admin

  7. Reset Password

  8. Get Schema

Role Management

  1. Assign a Role To User

  2. Get Role Assignment

  3. Delete Role Assignment

    Group Management

  1. Get Group Details

  2. Create Group

  3. Update Group

  4. Delete Group

  5. Get Group Member

  6. Assign Member to Group

  7. Update group member

  8. Delete group member

  9. Check Group Member

  10. Assign Member to Multiple Groups


To install and authenticate the app you need to provide the following input: 

  1. Box Config 

  2. Private Key

  3. Private Key Id

  4. Email Id (The Gsuite account email address) 

Step 1: Create a Service Account

Set up a Service Account project in the Google API Console.

  1. Create a new project (or select an existing one)

  1. Click on Create service account.

  1. Under Service account details, type a name, ID, and description for the service account, then click Create.

  1. Under Service account permissions, select the IAM roles as 'Project Owner' to grant to the service account, then click Continue.

  1. Optional: Under Grant users access to this service account, add the users or groups that are allowed to use and manage the service account.

  1. After the service account is created, open the service account, click on "Edit" then click "Add Key" under "Keys", then click "Create New Key".

  1. Make sure the key type is set to JSON and click Create.

  1. Click Close > Save.

  1. Save the downloaded JSON key.

Your new public/private key pair is generated and downloaded to your machine; it serves as the only copy of the private key. You are responsible for storing it securely. If you lose this key pair, you will need to generate a new one.

Note: The Client EmailPrivate Key and Private Key Id used as app installation inputs are obtained from the Service account JSON file downloaded. So one needs to copy these parameters from the downloaded JSON file and give the app input as shown below.

  1. Then go inside the Service account created and click on "Show Domain-Wide Delegation" and then tick "Enable G Suite Domain-wide Delegation" and then Save. 

Step 2: Enable Admin SDK API

  1. Open your project in the API Console. Click on ENABLE APIS AND SERVICES

  1. In the list of APIs, search and click Admin SDK API.

  1. Click on ENABLE to enable Admin SDK API

Step 3: Assign OAUTH Scopes for Admin SDK API

  1. Go to Admin console. From the Admin console,  go to Home > Security > API controls.

  1. Under Domain-wide delegation, click Manage Domain Wide Delegation.

  1. On the Manage domain-wide delegation page, click Add new.

  1. Enter the client ID of the service account or OAuth2 client ID of the app.

  2. Under the OAuth Scope, add each scope that the application can access.

  3. Click Authorize

Provide the following OAuth scopes using the above steps

1. https://www.googleapis.com/auth/admin.directory.group

2. https://www.googleapis.com/auth/admin.directory.group.member

3. https://www.googleapis.com/auth/admin.directory.group.readonly

4. https://www.googleapis.com/auth/admin.directory.user

5. https://www.googleapis.com/auth/admin.directory.user.readonly

6. https://www.googleapis.com/auth/admin.directory.user.security

7. https://www.googleapis.com/auth/admin.directory.group.member.readonly

8. https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly

9. https://www.googleapis.com/auth/admin.directory.rolemanagement


Now that you've successfully installed the GSuite orchestration app, please have a look at the sample use case below to show how the app can be used efficiently.